Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
298 views
in Technique[技术] by (71.8m points)

javascript - Permission denied to access property 'Arbiter'

I have an iframe FB app. We have three places where we develop it: My localhost, stage server where we test the app, production server. Localhost and production have HTTPS. Localhost and stage apps have sandbox mode enabled. All versions of app are identical, code is the same. Stage and production are totally the same server machine with the same settings except of the HTTPS.

Now what is happening only at my stage server app: When I click on something where jQuery UI dialog should be summoned, it raises following error in my Firebug: Permission denied to access property 'Arbiter'. No dialog is summoned then. It's raised in somehow dynamically loaded canvas_proxy.php, within this code:

/**
 * Parses the fragment and calls Arbiter.inform(method, params)
 *
 * @author ptarjan
 */
function doFragmentSend() {
  var
    location = window.location.toString(),
    fragment = location.substr(location.indexOf('#') + 1),
    params = {},
    parts = fragment.split('&'),
    i,
    pair;

  lowerPageDomain();

  for (i=0; i<parts.length; i++) {
    pair = parts[i].split('=', 2);
    params[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1]);
  }
  var p = params.relation ? resolveRelation(params.relation) : parent.parent;

  // The user is not inside a frame (probably testing on their own domain)
  if (p == parent || !p.Arbiter || !p.JSON) {
    return;
  }

  p.Arbiter.inform(
    'Connect.Unsafe.'+params.method,
    p.JSON.parse(params.params),
    getBehavior(p, params.behavior));
}

The line if (p == parent || !p.Arbiter || !p.JSON) { raises it. My script code linking the JS API looks like this:

<script src="https://connect.facebook.net/en_US/all.js#appId=APPID"></script>

Have anyone any clue why this could be happening? I found this and this, but these issues doesn't seem to be helpful to me (or I just don't get it). Could it be because of the HTTPS? Why it worked the day before yesterday? I am desperate :-(

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

whenever you have a permission denied message and you are dealing with frames or iframes, it's a document domain issue. One document belongs to domain x and the other is domain y. And notice that www.domain.com and domain.com are not the same document domains!

When you are tapping into the DOM of one framed document from another one, (whether it is for the purpose of changing the values of a page element or simply reading the values of some hidden variable or url etc), you will get a permission denied message unless both framed documents are served from the same/identical domains.

So, if one frame belongs to www.mydomain.com and the other happens to be just mydomain.com or www.someotherdomain.com, you get that bloody permission denied error.

And there is no way around it. And If there were, the identity theft problem would have sky-rocketed in no time.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...